1. Healthcare

Innovative | Reliable | Affordable
I am Pivotal
CREDIT CARD PROCESSING
HANDBOOK
Finding What You Need
Let’s Get Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
How to Read Your Statement . . . . . . . . . . . . . . . . . . . . . . . . 2
About Pivotal Payments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Order Your Free Credit Card Signage . . . . . . . . . . . . . . . . . 4
Voice Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Minimize Your Account Risk – Dos and Don’ts . . . . . . . . . 6-7
Keeping Your Paperwork In Order . . . . . . . . . . . . . . . . . . . . 8
Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Financial Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
What you need to know about PCI Compliance . . . . . . . . 11
Important Links for PCI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Visa CISP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
MasterCard SDPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Protecting Yourself Against Fraud . . . . . . . . . . . . . . . . . . . . 15-16
Identifying Counterfeit/Altered Cards . . . . . . . . . . . . . . . . . 17
Processing Credit Card Transactions . . . . . . . . . . . . . . . . . 18-21
Processing Credits (Refunds) VIA Your Terminal . . . . . . . 22
Submitting Your Credit Card Charges and Credits.. . . . . . . 23
Accepting Debit Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24-25
Chargeback Management . . . . . . . . . . . . . . . . . . . . . . . . . . 26
The Chargeback Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26-28
Chargeback Reasons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29-32
Social and Business Networks . . . . . . . . . . . . . . . . . . . . . . . 33
PCS0502_TSYS/TSYS
1
Always Ready to Assist You!
At Pivotal Payments, we value your business and encourage you to call if you
require assistance with your payment processing needs.
Merchant Support
Technical Support:
Billing/Statement Questions:
Retrieval/Chargebacks:
1 877 772-3346
1 877 772-3346
1 301 631-6891
Merchant Supplies Order Desk
Telephone:
Fax:
Hours: 7 days a week
1 877 772-3346
1 866 883-1508
9:00am to 5:00pm EST
Voice Authorization
Visa/Discover® Network/MasterCard: 1 800 291-4840
(see page 5 for detailed instructions)
American Express:
1 800 528-2121
Diners:
1 800 525-9040
JCB:1 800 366-4522
Hours:
24 hrs/day – 7 days/week
Customer Service
American Express:
1 800 445-2639
Diners:
1 800 347-1111
JCB:1 800 366-4522
Hours:
24 hrs/day – 7 days a week
Order Your Free Credit Card Signage
Let your clients know that your business makes it easier and more convenient
for them to pay. Visa, MasterCard and American Express offer free credit card
stickers, decals and signage for you to display on your store window or at the
checkout.
Easily order these free stickers at www.pivotalpayments.com/decals
4
PCS0502_TSYS/TSYS
Voice Authorization
In the event that you cannot obtain an electronic authorization from your
terminal, you must call for a voice authorization.
Below are the voice authorization numbers for each of the major credit cards:
Visa/ Discover Network/MasterCard:
American Express:
Diners: JCB: 1 800 291-4840
1 800 528-2121
1 800 525-9040
1 800 366-4522
When calling to obtain a voice authorization, you will be required to provide:
• The credit card number and expiration date.
• The merchant account number (MID) identifying
you to the voice authorization system. If your MID
begins with 6314, use only the last 12 digits; if
your MID starts with 2866, use the full number.
• The dollar amount of the transaction.
The operator will respond with an authorization number, which you should
write on the sales draft.
Note: You may also be required to call for an Authorization Approval Code in
response to a "Please Call" or "Call Center" message that you have received
from your terminal when attempting to process a transaction.
IMPORTANT!
Once you have obtained an authorization number for the transaction, you will
have to manually key the transaction into your terminal in order to receive
payment (settlement). You must enter the transaction as an "Offline" or "Force"
transaction and you will be prompted to key in the authorization number you
have received. You may refer to your terminal Quick Reference Guide or call us
for assistance.
PCS0502_TSYS/TSYS
5
Minimize Your Merchant Account Risk
As a merchant who accepts credit cards, there are regulations you should be
familiar with and certain precautions you should take to minimize potential risk
and insure maximum profitability. For your convenience, we have listed some of
the more important “Don’ts” of payment processing.
Credit Card Processing Don’ts:
Do Not DRAFT/ LAUNDER/ FACTOR! Process only those transactions originating from your place of business as described on your merchant application.
You must apply separately for any other business which you may own (in
whole or in part.)
Do Not process credits to a cardholders card unless you have an off-setting sale.
Do Not process transactions against your own, personal or business credit
cards or those of your employees, officers, spouses, etc. Transactions of this
type can be considered “cash advances” and are not permissible.
Do Not process any transaction that represents repayment of any existing
cardholder obligations such as return of a personal check or payment of an
outstanding loan.
Do Not store magnetic-stripe data after receiving authorization. After a
transaction is authorized, the full contents of track data, which is read from the
magnetic stripe, must not be retained on any systems.
Do not store CVV2, CID, CVC2 (the 3 or 4 digit code printed on the back of
the card) data. When asking a cardholder for security codes, merchants must
not document this information on any kind of paper order form or store it on
any database.
Know your liability. Merchant agreements now include provisions that hold
businesses liable for losses resulting from compromised card data if a business
(or its third-party processor) lacks adequate data security.
Do not accept credit card details via email ever.
6
PCS0502_TSYS/TSYS
Minimize Your Merchant Account Risk cont’d
Do Not “split sales” (see below for definition.)
Do Not process a transaction that was denied or declined by
the authorization center.
Do Not process a draft in which the signature does not match that
on the back of the card.
What is a “Split Sale”?
“split sale” is the processing of two or more sales slips for a single sale. As
A
per your agreement and governing regulations, you must process ONLY ONE
sales transaction through your terminal for each single sales draft signed by
your customer. Processing more than one sales transaction through your terminal for a single, signed draft is not permissible.
IMPORTANT NOTE:
ou must be able to supply a signed, authorized sales draft for every single
Y
transaction processed through your merchant terminal or you will be subject to
chargeback and full financial liability.
PCS0502_TSYS/TSYS
7
Keeping Your Paperwork in Order
It is important that you keep accurate and complete records of transactions you
are processing. This will assist you in tracing transactions and authorizations in
the event of a future customer dispute. As there are many don’ts, there are a
few dos as well.
Credit Card Processing Dos:
Do have ALL applicable transactions authorized. This minimizes your risk
of chargebacks.
Do keep copies of sales receipts for 12 months from the date of the original
transaction to ensure your ability to respond to copy requests and/or
chargebacks.
Do maintain the same policy for returns, refunds and/or exchanges for credit
card transactions as you do for cash transactions. If you do not permit refunds,
you must mark your sales drafts with the statement “NO REFUNDS”. However,
this statement does not limit the cardholder’s right to challenge a transaction
covered under federal, state and local laws or falling under bank, payment card
rules and regulations.
Do keep cardholder account numbers and personal information safe/confidential.
(See page 11 for more info).
8
PCS0502_TSYS/TSYS
Proper disclosure for Refunds and Exchanges
As a merchant, you are responsible for establishing the merchandise and
adjustment (credit) policies for your business. Clear disclosure of these policies
can help you avoid misunderstandings and potential cardholder disputes.
Below are some examples of return /credit policies for Card-present transactions.
DISCLOSURE STATEMENT
WHAT IT MEANS
NO Refunds or Returns
Your establishment does not issue refunds and does not accept
returned merchandise or merchandise exchanges.
Exchange Only
Your establishment is willing to exchange returned merchandise
for similar merchandise that is equal in price to the amount of the
original transaction.
In-Store Credit Only
Your establishment takes returned merchandise and gives the cardholder
an in-store credit for the value of the returned merchandise.
Special Circumstances
You and the cardholder have agreed to special terms. The agreed-upon
terms must then be written on the transaction receipt. The cardholder’s
signature on the receipt indicates acceptance of the terms.
Disclosure for Card-Not-Present transactions (Moto)
Your refund and exchange policies should be e-mailed, or faxed to the
cardholder. To complete the sale, the cardholder should sign and return the
disclosure statement to you.
Disclosure for Card-Not-Present transactions (Ecomm)
Your refund and exchange policies should be available to online customers
through clearly visible links on your home page. You should also provide a
“click through” confirmation for important elements of the policy.
PCS0502_TSYS/TSYS
9
Financial Information
Merchant Discount.
A merchant account Discount Rate is a fee paid by the merchant to the acquirer
for credit card processing purchases charged to a cardholder’s credit card. It is
an agreed upon rate charged on sales and returned transactions.
Transaction Fee
A merchant account Transaction fee is paid each time a merchant’s gateway, software,
or terminal dials and communicates with the credit card processor. This includes:
authorizations, sales, returns, closing of batch, and declined transactions.
Monthly Processing Fees
Your Monthly processing fees are calculated based on all the account fees
assessed throughout the month with each date’s activity. Monthly processing fees
normally do not include your Daily discount or reserves (if applicable). The total of
all Monthly Processing fees are debited from your checking account, also known
as your DDA, through ACH within the first 5 business days of the following month.
Month End Fees
Month end fees are assessed at the end of each month and apply to various
transactions that occurred during that monthly only. Month-end fees may
include, but are not limited to, the following:
• Authorization
• Chargeback
• Address Verification Services (AVS) • Retrieval Requests
• Monthly Minimum
• Statement fees
How do I change the bank account for my deposits?
We will need a copy of a preprinted voided check on the new account, plus your
signature for verification purposes. Please send us a pre-printed void check or
bank letter and a written request by fax at 1 866 607-4868 or e-mail at
[email protected].
Note: Person signing the request must be the same person who signed the
merchant processing agreement.
Reminder: If you accept Amex you will need to update your bank details with
Amex, the contact details are below:
Amex: 1 800 445-2639
What should I do if I wish to close my merchant account?
Simply send a letter indicating your intent to close the account and the reason
why. In order to protect yourself, the letter MUST BE SIGNED by the owner(s)
who originally applied for the account. You may also call our merchant support
center (see page 3 for telephone #).
10
PCS0502_TSYS/TSYS
How do I update my company information?
If you change store locations, product, or service offered or simply change your
business telephone number, you must IMMEDIATELY contact our merchant
support department to update your information.
Note: You must also update your details with Amex as well (see page 9 for
telephone #).
What you need to know about PCI Compliance
Who are the founders of the PCI Security Standards Council?
Founders of the PCI Security Standards Council are American Express,
Discover Network, JCB, MasterCard Worldwide and Visa International.
What is the Payment Card Industry (PCI) Data Security Standard (DSS)?
The PCI Data Security Standard represents a common set of industry tools and
measurements to help ensure the safe handling of sensitive information. Initially
created by aligning Visa’s Account Information Security (AIS)/Cardholder
Information Security (CISP) programs with MasterCard’s Site Data Protection
(SDP) program and Discover Information Security Compliance (DISC), the standard
provides an actionable framework for developing a robust account data security
process - including preventing, detecting and reacting to security incidents.
The core of the PCI DSS is a group of principles and accompanying requirements,
around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords
and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public
networks
PCS0502_TSYS/TSYS
11
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and
cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Important Links on PCI Compliance :
To Download the PCI DSS Requirements:
https://www.pcisecuritystandards.org/security_standards/pci_dss_
download.html
Discover Network information on PCI:
http://www.discovernetwork.com/fraudsecurity/disc.html
American Express information on PCI:
www.americanexpress.com/datasecurity
Visa information on PCI:
www.visa.com/cisp
MasterCard information on PCI:
http://www.mastercard.com/us/sdp/merchants/index.html
JCB information on PCI:
http://partner.jcbcard.com/security/jcbprogram/index.html
Pin Based Debit Cards - PIN Transaction Security:
https://www.pcisecuritystandards.org/security_standards/ped/index.shtml
12
PCS0502_TSYS/TSYS
VISA Cardholder Information Security Program, Discover Information
Security Compliance & MasterCard Site Data Protection Program
(CISP/DISC/SDPP Compliance)
Merchant levels defined
Compliance requirements are based on the following merchant levels:
Merchant
Level
Description
1
Any merchant-regardless of acceptance channel-processing over 6,000,000
Visa transactions per year.
Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant
requirements to minimize risk to the Visa system.
2
Any merchant-regardless of acceptance channel-processing 1,000,000 to 6,000,000 Visa
transactions per year.
3
Any merchant processing 20,000 to 1,000,000 Visa e-commerce transactions per year.
4
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year,
and all other merchants-regardless of acceptance channel-processing up to 1,000,000
Visa transactions per year.
* New merchant level definitions effective as of July 18, 2006.
** Any merchant that has suffered a breach that resulted in an account data compromise may be escalated
to a higher validation level.
Compliance validation basics
In addition to adhering to the PCI Data Security Standard, compliance validation is required for Level 1, Level
2, and Level 3 merchants, and may be required for Level 4 merchants.
Level
1
Validation Action
Annual On-site PCI Data Security Assessment
and
Quarterly Network Scan
Validated By
Qualified Security Assessor or Internal
Audit if signed by Officer of the company
Approved Scanning Vendor
2
Annual PCI Self-Assessment Questionnaire
and
Quarterly Network Scan
Merchant
3
Annual PCI Self-Assessment Questionnaire
and
Quarterly Network Scan
Merchant
4*
Annual PCI Self-Assessment Questionnaire
and
Quarterly Network Scan (if applicable)
Merchant
Approved Scanning Vendor
Approved Scanning Vendor
Approved Scanning Vendor
*The PCI DDS requires that all merchants perform external network scanning to achieve compliance.
Acquirers may require submission of scan reports and/or questionnaires by level 4 merchants.
PCS0502_TSYS/TSYS
13
MasterCard Site Data Protection Program
MasterCard's Site Data Protection Program (SDPP) is similar to VISA CISP, with the same 4 merchant
levels, and requirements at each level. This program applies to all merchants accepting MasterCard
transactions. The Merchant Levels for the MasterCard SDP program are defined below.
Merchant
Definition
Criteria
On-site
Review
Self
Assessment
Network
Compliance
Security Scan Date­­­­
• All merchants, including
•
Level 1
•
•
electronic commerce merchants,
with more than 6 million total
MasterCard and Maestro
transactions annually
All merchants that experienced
an account compromise
All merchants meeting the Level
1 criteria of a competing
payment brand
Any merchant that MasterCard,
at its sole discretion,
determines should meet the
Level 1 merchant requirements
Required
Annually1
Not
Required
Required
Quarterly 2
June 30
2005
Required
Annually
Required
Quarterly 2
June 30
2004
Required
Annually
Required
Quarterly2
June 30
2005
Required
Annually
Required
Quarterly 2
Consult
Acquirer
• All merchants with more than
Level 2
•
•
Level 3
•
Level 4
14
one million total MasterCard and
Maestro transactions but less
than six million total transactions Merchant’s
Discretion4
annually
All merchants meeting
the Level 2 criteria of a
competing payment brand
All merchants with annual
MasterCard and Maestro
e-commerce transactions
greater than 20,000 but less than
Not
one million total transactions
Required
All merchants meeting
the Level 3 criteria of a
competing payment brand
• All other merchants
Not
Required
1
For Level 1 merchants, the annual on-site review may be conducted by either the merchant’s
internal auditor or a Qualified Security Assessor.
2
To fulfill the network scanning requirement, all merchants must conduct scans on a quarterly
basis using an Approved Scanning Vendor.
3
Level 4 Merchants are required to comply with the PCI Data Security Standard. Level 4
Merchants should consult their acquirer to determine if compliance validation is also required.
4
As of June 30, 2011, any Level 2 merchant opting to perform a self assessment must be sure
that employees performing said assessment attend and pass PCI SSC-offered merchant training
programs; or, alternatively, Level 2 merchants can complete an onsite assessment performed by
an Approved Scanning Vendor.
PCS0502_TSYS/TSYS
Protecting Yourself Against Fraud
Identifying counterfeit cards and understanding the telltale signs of suspicious
customers is the key to protecting yourself from possible fraud.
• Be wary of customers who make indiscriminate purchases.
• Be suspicious of anyone contacting you for a customer’s credit
card number.
• Be watchful of the cardholder who appears to be too young to have a
credit card.
• Do not accept a card that appears to be physically altered.
• B e conscientious about keeping detailed records of all credit
card transactions.
• Check the signature on the draft or printer receipt against the signature on
the card to verify your customer’s identity. If unsure, ask for a photo ID.
• Be sure to verify all information on the draft or printer receipt carefully if
a card cannot be swiped and an account number must be entered
manually. Pay special attention to the account number, a clear, legible
imprint is crucial.
• Make sure to imprint a draft copy if a sale must be entered manually.
A printer receipt alone with a hand keyed sale will not prevent
a chargeback.
• Check all dates on the card to make sure they are valid before
processing any transaction.
• Compare the card number on the terminal receipt to the embossed
number on the face of the card.
• Personal contact information (address and telephone number) can be
requested and recorded on an invoice- not on a sales draft (important
on large or suspect transactions.)
PCS0502_TSYS/TSYS
15
Protecting Yourself Against Fraud cont’d
CODE 10
Code 10 is a term used by the credit card association and/or Discover Network to
refer to a suspicious transaction. Call your voice authorization center for a CODE
10 authorization, if, for ANY reason you become suspicious of a transaction or
cardholder.
If you suspect that a transaction is fraudulent, call and request a CODE 10
AUTHORIZATION from your voice authorization center immediately.
How do I process a CODE 10 call?
• Place a voice call to the authorization center.
• Once the operator answers state, “THIS IS A CODE 10”.
• Give the following information to the operator:
16
- Account Number
- Card’s Effective Date/Expiration Date
- Cardholder’s Name
- Cardholder’s Address (if available)
- Bank Name on Card.
PCS0502_TSYS/TSYS
Identifying Counterfeit/Altered Cards
Below is a chart that offers the merchant more specific information about how
to detect an altered or counterfeit card. Please share this information with your
employees; knowing what to look for can help prevent credit card fraud.
The most important thing is, if a card looks strange- QUESTION IT!
LEGITIMATE
ALTERED
COUNTERFEIT
Colors may be “off”; Quality
too dark or too light with fuzzy edges.
The word “MasterCard” may
overlay improperly.
PRINT
Clean, crisp,
clearly defined edges.
MasterCard,
Discover Network
or Visa
VINYL
Smooth to touch. Colors
will not scratch off with
thumbnail.
Smooth to touch,
surface may appear
disturbed or uneven.
Smooth to touch may
scratch off. Colors may
appear raised.
EMBOSSING
Easily read, letters will be of same height
and size. Discover Network Cards have
the special embossed Security Character
which appears on the same line as
the “Member Since” and “Valid Thru”
information. It appears as a stylized “D”.
From the back of card, original
numbers or letters may
be detected. If re-embossing
has occurred, the hologram
may be damaged.
SIGNATURE
PANEL
Has a repetitive VISA, Discover Network
or MasterCard pattern. Those with the
new diagonal, multi-color MasterCard
pattern may have the account number
printed in the upper left corner. A
“Discover Network” overprint pattern
appears on the signature panel, along
with an underprint reading “VOID.”
May be pure white. Appears glued or painted. May
appear to have liquid style correction fluid applied over
the signature panel and then have been re-signed.
The new MasterCard multi-colored signature panels are
designed to show signs of tampering. A void pattern
may be revealed under an altered signature panel.
HOLOGRAM
VISA cards will have the VISA dove whose wings appear to
move when the card is rotated. The vertically-shaped hologram
on MasterCard 60/40 has two MasterCard world designs that
May not have a real
change places with the initials “MC” when the card is tilted. The
new 80/20 MasterCard word mark exhibits multi-colored changes hologram, but perhaps
when rotated. All may be silver or gold. The Discover Network
a shiny look-alike.
card design shows a celestial sphere made of interlocking rings
and an arrow pointer. The word “Discover” appears in very small
letters on the shaft of this arrow.
FINE LINE
MasterCard 60/40 cards have repetitive fine line
printing on the card front. Crisp, clear, fine line
printing forms a border around the VISA logo in
the mark’s area and around the MasterCard logo
on the back side of the 80/20 card.
VISA BIN
Applies to VISA only. Card will have the first
4 digits of the embossing account number
already preprinted on the card.
PCS0502_TSYS/TSYS
Uneven, letters
may not match.
Fine line printing causes
counterfeiters to have a difficult
time maintaining the crisp, clean
quality of the letters in the repetitive
printing, and they may appear to be
broken, blotchy or filled in.
Number may not appear at all
on counterfeit card.
17
Processing Credit Card Transactions
With your Pivotal Payments merchant account, you can process credit card
transactions once your terminal is set up. Processing procedures will vary
depending if the customer is present or not and if you are swiping the card or
keying in the information.
1. Consumer is present & credit card is swiped through the terminal
18
• Swipe the card to request the transaction authorization. Hold the card
through the entire transaction
• While the transaction is being processed, check the cards features
and security elements to make sure the card is valid and has not been
altered in any way, (See page 17)
• Obtain authorization and get the cardholder signature on the
transaction receipt
• Compare the name, number, and signature on the card to those on
the transaction receipt
• If you suspect fraud make a code 10 call, (See page 16)
PCS0502_TSYS/TSYS
2. Consumer is present & credit card information is keyed into the
terminal.
If a transaction must be manually keyed into the terminal, use the following
procedure:
• Take an imprint of the card to validate the presence of the card using your
manual imprinter.
• Key the transaction into the electronic terminal.
• ­You will be prompted for the ZIP code and street number for this card. The
customer should provide you with the ZIP code and street number (house
number) that is on their billing statement. This information is sent along with
a transaction using an Address Verification Service (AVS) and is compared
to the billing address for that card. A match will appear on the transaction
record (match, yes or no?) and entitles you to better qualification rates as
you are taking additional steps to protect yourself from fraudulent cards. If a
match is not obtained, you can still process the transaction at a higher
qualification rate.
• Wait for an “Authorization Approval Code” and receipt.
• If you do not receive an electronic authorization, you must obtain a voice
authorization. Please see page 5 for Voice Authorization steps.
Note: You may be required to call for an Authorization Approval Code in
response to a “Please Call” or “Call Center” message that you have received from
your terminal.
• Once you obtain your authorization code, you must write it on the sales draft.
• Post the authorization information to the terminal to ensure payment of
the transaction.
PCS0502_TSYS/TSYS
19
Processing Credit Card Transactions cont’d
IMPORTANT!
Once you have obtained an authorization number for the transaction, you will have
to manually key the transaction into your terminal in order to receive payment
(settlement). You must enter the transaction as an "Offline" or "Force" transaction
and you will be prompted to key in the authorization number you have received.
You may refer to your terminal Quick Reference Guide or call us for assistance.
3. Consumer is not present & credit card information is keyed into the
terminal.
Note that you can process mail/telephone/e-mail transactions only if your merchant account is set up as a mail order/telephone order (MO/TO) business type.
If you are eligible to process MO/TO transactions, follow this procedure:
• Obtain the complete cardholder information including:
20
- Cardholder’s name exactly as it appears on the credit card
- Credit card number
- Credit card expiration date
- The cardholder’s billing address including ZIP code
- Cardholder’s home or billing telephone number.
• Key the transaction into the electronic terminal
• You will be prompted for the customer’s ZIP code and street address.
If your account is set up as a Mail Order Telephone Order (MO/TO) merchant
account, a match is not required in order for the transaction to qualify for the
lowest rate but, you do have to enter all prompts previously mentioned and
Invoice Number (Customer ID). If any field is left blank, the transaction will not
qualify for the best rate.
• Wait for an “Authorization Approval Code” and receipt.
• If you do not receive an electronic authorization, you must obtain a voice
authorization. Please see page 5 for Voice Authorization steps.
PCS0502_TSYS/TSYS
Note: You may be required to call for an Authorization Approval Code in
response to a “Please Call” or “Call Center” message that you have received
from your terminal:
• Post the voice authorization code back to the terminal for transaction
processing.
• Write “Telephone Order,” “Mail Order,” or “Internet Order” as appropriate
on the signature line of the receipt.
• Return one copy to y­our customer and keep one copy for your records.
PCS0502_TSYS/TSYS
21
Processing Credits (Refunds) VIA Your Terminal
A credit (refund) can only be issued to the same credit card account that was
used for the original purchase. Once you process a credit, your terminal will
generate a receipt containing:
• The card account number being credited.
• Date the credit was issued.
• Amount of credit issued.
• Your business name and address.
• Your Terminal Identification number (TID).
(Note: a credit should be issued only through the merchant account that was
used for the original purchase.)
For detailed processing instructions for your terminal, please refer to your
terminal’s quick reference guide that was included in your welcome kit.
What is “Batching out” and how often should I do it?
“Batching out” or “End-of-Day Settlement” refers to the process of closing your
terminal down for the day. Each tim­e you run a transaction, the first one of the day
starts a batch. In order for your terminal to “settle” or contact the host to insure
you get paid, it must be instructed that you are done with this batch and would
like to settle it. We have auto-settle options available on some terminal models,
others you will have to remember to settle every day.
For detailed processing instructions for your terminal, please refer to your terminal’s quick reference guide that was included in your welcome kit.
22
PCS0502_TSYS/TSYS
Submitting Your Credit Card Charges and Credits
Settlement: The process of transferring funds for sales and credits between
acquirers and issuers, including the final debiting of a cardholder’s account and
the crediting of a merchant account.
Batch: The accumulation of transactions gathered, reconciled and transmitted for
clearing and settlement.
Batch close: The process of sending transactions to the processor for clearing
and settlement.
In order to obtain settlement for transactions processed, you must submit
(upload) the charges from your terminal. This is a simple procedure and should
be done at the end of each business day and only after the goods or services
have been provided or delivered.
Procedure for submitting charges/credits:
• Press the "Settlement" key on your terminal at least once a day to
transmit all of the charges and credits you process.
PCS0502_TSYS/TSYS
23
Accepting Debit Cards
In order to accept debit cards, you must have a signed agreement with
Pivotal Payments. There are two types of debit transactions – online and offline:
• Online debit (or PIN-based) transactions require customers to enter a
secure PIN at the point-of-sale terminal and the amount of the transaction
is debited from the customers’ checking account.
• Offline debit transactions (or signature-based) do not require customers
to enter a secure PIN, but instead, sign a receipt authorizing their financial
institution to debit their account for the amount of the transaction. This
type of transaction can be made with an ATM/debit card bearing a
MasterCard, Discover Network or VISA logo on the front.
When you offer debit as a form of payment, you are supplied a number of debit
network logos, which are to be displayed at terminal locations and storefront
doors or windows, and are to be of a size no smaller than the logo of any of the
other card types accepted.
As a debit merchant, you are required to follow certain other procedures in
order to offer debit as a payment option, they are listed below:
24
• The merchant is required to honor all valid debit network cards with
terms no less favorable than the terms under which the merchant
accepts other card types.
• The merchant must not set minimum or maximum transaction amounts
for debit card transactions, or a minimum amount as a condition for
accepting the card.
• For PIN-based transactions, the payment terminal shall be equipped with
a Personal Identification Number (PIN) entry device for use by the cardholder to enter their PIN. The PIN entry device must be at or in close
proximity to the point-of-sale device and conform to PCI PTS requirements
.
• The merchant may not require or request a cardholder signature.
The cardholder’s PIN is their electronic signature.
• The merchant may not ask the cardholder to disclose their Personal
Identification Number.
PCS0502_TSYS/TSYS
Accepting Debit Cards cont’d
• The receipt for a debit card transaction is to be produced by the
printer and be made available to the cardholder at the time the transaction is completed.
• The merchant copies of debit card transaction records are to be retained
for a period of 18 months.
• With an offline debit transaction, always compare the signature on
the back of the card with that of the receipt.
• Do not provide cash-back during an offline transaction.
PCS0502_TSYS/TSYS
25
Chargeback Management
What exactly is a chargeback?
A chargeback occurs when a customer contacts a credit card Issuing Bank to
initiate a refund for a purchase they made on their credit card. The reasons why
chargebacks arise can vary greatly but generally, they are the result of a customer being dissatisfied with their purchase.
The customer may or may not have contacted the merchant about remedying
this situation ahead of time. They may even be completely wrong. However,
responsibility falls to the seller to ensure that the transaction goes smoothly and
the customer is satisfied. A failure somewhere within the fulfillment process,
including at the customer service level, can lead to a chargeback.
The Chargeback Process
26
1) The customer disputes a transaction by contacting their card Issuing Bank.
2) The card Issuing Bank researches to determine whether the reasoning
for the chargeback is valid. If not, the chargeback is declined and the
customer is held responsible for the charge.
3) A provisional credit is provided to the customer. The card Issuing Bank
initiates a chargeback process and obtains credits from the merchant’s
Processing Bank.
4) The merchant’s Processing Bank researches the validity of the chargeback. If they determine the chargeback is invalid, they will decline the
chargeback and return it to the card Issuing Bank.
5) The chargeback amount is removed from the merchant’s account
and the merchant’s Processing Bank provides written notification to
the merchant.
6) Did a processing error occur? If so, the sale is re-presented to the card
Issuing Bank for corrections.
PCS0502_TSYS/TSYS
The Chargeback Process cont’d
7) The merchant provides documentation to remedy the chargeback. If the
provided documentation is found to be satisfactory, the chargeback is
declined and the customer is once again charged for the sale. If the documentation is found to be unsatisfactory, the chargeback is successful and
the process ends.
There are multiple steps involving multiple parties and each step requires the
responsible party to dedicate a certain amount of time to its management.
The resolution of a typical chargeback can take anywhere from six weeks to
six months.
Chargeback management
The best way to deal with any chargeback is to prevent it from happening in
the first place. The following suggestions are very generic and can be used by
most businesses to decrease their chargeback potential.
• Use a clear DBA (Doing Business As) name that customers will recognize.
Vague corporate names that do not accurately describe what your company might do or sell will only confuse customers when they review their
billing statements. An unrecognized DBA name on billing statements is one of the most common causes of chargebacks.
• Put your phone number on your customers’ statements. If they do not
recognize your DBA, they can call you to find out who you are and why
you charged them. This is mandatory for e-commerce and MO/TO.
• Always respond to a chargeback as quickly as possible. A limited amount
of time (10 business days) is available to resolve a chargeback. If you miss
the window of opportunity to respond, you forfeit your ability to fight the
chargeback.
• Never accept an expired credit card.
• Obtain authorization for the full amount of the sales. Declined transactions should not be accepted or split into smaller amounts.
• Some disputes are not the result of unauthorized credit card use. Rather,
they start because the customer disputes the quality of the goods or services purchased. The best way to avoid this type of chargeback is to work
closely with the customer to establish a mutually satisfactory resolution.
PCS0502_TSYS/TSYS
27
Chargeback Management cont’d
28
• Call or fax any large or suspicious orders to ensure the order is legitimate.
If you are unable to reach the customer, you might have intentionally been
given incorrect contact information – you should void this transaction.
• Verify the customer’s address. It is possible to verify the customer’s
name, address and phone number with the card Issuing Bank. By calling
the Voice Authorization Center for address verification, you can verify the
address and also provide proof that you verified the address.
• Always get signed proof of delivery. Be able to provide a shipping tracker
log that shows that the customer received the shipped goods.
• Charge the customer’s account at the time the goods are shipped. If you
know there will be a delay in delivery, wait to process your customer’s
credit card.
• Be suspicious of high-ticket sales requested to be sent next-day air or
if a runner will be in to pick up the purchase at a later time.
• Use the fraud services offered by the Processing Bank including AVS
(Address Verification) CID and CVV2.
• Have your return/refund policy clearly stated on your website and in your
store. Make it a requirement that customers read the policy before their
order can be processed.
• Provide accurate descriptions and images of your products on your website.
• Be very cautious of any foreign orders. Generally, orders from Asia,
the Middle East and most parts of Africa are considered high-risk.
• Be wary of orders with domestic billing addresses and foreign shipping
addresses. They are usually fraudulent.
• Be wary of orders for which the customer is willing to pay more for
faster delivery.
PCS0502_TSYS/TSYS
Chargeback Reasons
Common chargebacks in a card-not-present environment:
1. Cancelled recurring transaction
(Visa/MasterCard Reason CODE: 41, DISCOVER NETWORK CODE:
AP)
Merchant continued to charge cardholder’s account for recurring transaction
after receiving a notice of cancellation.
Note: for merchants with variable recurring transaction amounts. When you set
up the customer’s recurring billing, you should have disclosed that this charge
would be for a variable amount and permitted the cardholder to set a range of
approved charges. If a charge exceeded this amount and you did not notify the
cardholder in advance, they are able to successfully dispute the charge using
the above reason code. If the customer disputed the charge using that reason
code, we recommend you contact the cardholder directly to obtain payment
and determine if this recurring service should be cancelled.
Tips: - P rovide the documentation by the due date to preserve your rights.
- Represent the chargeback regardless of whether the customer
states they will cancel the chargeback (to preserve your rights).
- Issue credits to the account used in the purchase and not by check
or money order.
2. Service not provided or merchandise not received
(Visa Code: 30, MasterCard CODE: 55, DISCOVER NETWORK CODE:
RG)
Cardholder acknowledges participating in the transaction and claims one of
the following occurred:
- Cardholder did not receive merchandise or other item of value that
was shipped.
-M
erchant was unwilling or unable to provide purchased services.
-S
ervices were paid for using another method.
- Cardholder did not receive merchandise at the agreed upon location
or by the agreed upon delivery date.
PCS0502_TSYS/TSYS
29
Chargeback Reasons cont’d
- If the credit issued was a partial credit, be sure to include an explanation
as to why full credit was not issued.
Tips: - If available, provide a signed delivery receipt or similar document by
the due date to preserve your rights.
- Represent the chargeback regardless of whether the customer
states they will cancel the chargeback (to preserve your rights).
- Issue credits to the account used in the purchase and not by check
or money order.
3. Duplicate processing
(Visa Reason Code: 82, MasterCard Reason CODE: 34,
DISCOVER NETWORK CODE: DP)
A single transaction was presented two or more times to the issuer for the same
cardholder account number, similar transaction amounts and similar clearing
data. If the same transaction was processed by different acquirers, the issuer is
required to dispute the transaction that posted last.
For express payment service (EPS) or small-ticket transactions, the amounts
must be the same.
Tips: - Provide two different signed receipts or invoices. If sales receipt does
not contain details of items purchased, include an itemized list.
- For contactless and small-ticket transactions, signatures are not
required just detail of what was purchased.
4. Fraudulent multiple transactions (Visa Reason Code: 57)
The issuer receives a written complaint from its cardholder who acknowledges
participation in at least one transaction at the same merchant location where
the other transactions(s) allegedly involving the cardholder took place, but
states that:
30
- He/she neither participated in nor authorized the other
transaction(s), and
- The card was in his/her possession at the time(s) of the other
transaction(s).
PCS0502_TSYS/TSYS
Chargeback Reasons cont’d
Tip:- Always keep a copy of the signed sales draft and or invoices
for all transactions that the cardholder participated in. Provide to the
issuer when requested.
5. No authorization (Visa Reason Code: 72,
MasterCard Reason CODE: 47, DISCOVER NETWORK CODE: VA10)
Transaction exceeds the floor limit and an authorization was not obtained on
the transaction, or transaction is an online check card transaction or an
original adjustment.
Tip:
- Authorization code along with date and amount of authorization,
if other than the transaction date and amount.
6. Incorrect transaction amount or account number
(Visa Reason Code: 80)
Used under any of the following circumstances:
- Merchant processed an incorrect transaction amount.
- Merchant processed an account number that did not match
the one on the transaction receipt.
- Cardholder’s transaction receipt contains an addition or
transposition number.
- Transaction receipt was altered without cardholder’s permission.
Tip:- A signed sales receipt with imprint or swipe to show that cardholder
agreed to the amount or that card number was correct. A written
rebuttal is required if amount was altered after cardholder signed the
receipt.
PCS0502_TSYS/TSYS
31
Chargeback Reasons cont’d
7. Fraudulent transaction – Card-not-present
environment (Visa Reason CODE: 83, DISCOVER NETWORK CODE:
VA20)
A transaction was processed in a card-not-present environment without the
cardholder’s permission or with a fictitious account number.
Also may be used on an e-Commerce transaction in which the issuer responded to an authentication request with the CVV2/CID but the acquirer did not
provide in the authorization request.
Tips: - Invoice with ship to/bill to addresses, AVS results, CVV2/CID
results if applicable, and signed proof of delivery.
- If T&E, proof that the sale was properly processed “no show”
transaction.
8. Credit not processed (Visa Reason Code: 85,
MasterCard Reason CODE: 60, DISCOVER NETWORK CODE: RNI)
The merchant issued a credit transaction receipt or refund acknowledgement
but the transaction was not processed through interchange, or
The cardholder returned merchandise or cancelled a sale but did not receive a
credit receipt or refund acknowledgement.
Tip:
- A written rebuttal addressing the cardholder’s claim and any
supporting documentation to prove the case, such as a signed
contact or return policy.
Retrieval Requests
A retrieval request occurs when your customer requests more information
about a transaction that appears on his/her credit card settlement. Ideally, a
merchant would send in the signed sales draft for the transaction in question
but delivery receipt would be sufficient documentation for an Issuing Bank.
You must respond to all retrievals that you receive within 10 business days of
receiving them. If you miss the deadline the retrieval will turn into a chargeback
and the value of the transaction will be debited from your bank account and
credited back to the cardholder.
32
PCS0502_TSYS/TSYS
Social and Business Networks
As part of Pivotal Payments’ commitment to providing more value to its clients,
we have made it our goal to reach out to business owners using online social
networking and business networking sites.
Facebook.com/pivotalpayments
Twitter.com/pivotalpayments
Linkedin.com/company/pivotal-payments
Youtube.com/pivotalpayments
PCS0502_TSYS/TSYS
33